Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2025-48600 |
|
Vulnerability in google (CVE-2025-48600)
vulnerability in google (CVE-2025-48600). Confidential information can be exposed externally.
|
| CVE-2022-37055 KEV |
|
[KEV] Vulnerability in D-link routers (CVE-2022-37055)
vulnerability in D-link routers (CVE-2022-37055). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-66644 KEV |
|
[KEV] OS Command Injection in Array networks array-networks (CVE-2025-66644)
OS command injection in Array networks array-networks (CVE-2025-66644). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-34291 KEV |
|
[KEV] Vulnerability in langflow (CVE-2025-34291)
vulnerability in langflow (CVE-2025-34291). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `1.7.0` or later.
|
| CVE-2025-55182 KEV |
|
[KEV] Vulnerability in Meta react-server-components (CVE-2025-55182)
vulnerability in Meta react-server-components (CVE-2025-55182). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40251 |
|
Vulnerability in c (CVE-2025-40251)
vulnerability in c (CVE-2025-40251). Risk of unauthorized operations or information disclosure. Exploitable via ``rate_leaf_parent_set``.
|
| CVE-2021-26828 KEV |
|
[KEV] Unrestricted File Upload in Openplc scadabr (CVE-2021-26828)
vulnerability in Openplc scadabr (CVE-2021-26828). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-65955 |
|
Vulnerability in imagemagick (CVE-2025-65955)
vulnerability in imagemagick (CVE-2025-65955). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `7.1.2-9` or later.
|
| CVE-2025-48633 KEV |
|
[KEV] Vulnerability in Android framework (CVE-2025-48633)
vulnerability in Android framework (CVE-2025-48633). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48572 KEV |
|
[KEV] Vulnerability in Android platform/frameworks/base (CVE-2025-48572)
vulnerability in Android platform/frameworks/base (CVE-2025-48572). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited. Mitigation: upgrade to `14:2025-12-01` or later.
|
| CVE-2021-26829 KEV |
|
[KEV] Cross-Site Scripting (XSS) in Openplc scadabr (CVE-2021-26829)
cross-site scripting in Openplc scadabr (CVE-2021-26829). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61167 |
|
SQL Injection in sqli (CVE-2025-61167)
SQL injection in sqli (CVE-2025-61167). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61168 |
|
Unsafe Deserialization in sigb (CVE-2025-61168)
vulnerability in sigb (CVE-2025-61168). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64047 |
|
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /user/user-move.php.
|
| CVE-2025-64048 |
|
Cross-Site Scripting (XSS) in yccms (CVE-2025-64048)
cross-site scripting in yccms (CVE-2025-64048). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-61757 KEV |
|
[KEV] Vulnerability in Oracle fusion-middleware (CVE-2025-61757)
vulnerability in Oracle fusion-middleware (CVE-2025-61757). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-13223 KEV |
|
[KEV] Vulnerability in Google chromium-v8 (CVE-2025-13223)
vulnerability in Google chromium-v8 (CVE-2025-13223). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61662 |
|
Use-After-Free in dos (CVE-2025-61662)
vulnerability in dos (CVE-2025-61662). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58413 |
|
Vulnerability in fortinet (CVE-2025-58413)
vulnerability in fortinet (CVE-2025-58413). Successful exploitation can lead to full system takeover.
|
| CVE-2025-53843 |
|
Vulnerability in fortinet (CVE-2025-53843)
vulnerability in fortinet (CVE-2025-53843). Successful exploitation can lead to full system takeover.
|
| CVE-2025-54821 |
|
Privilege Escalation in fortinet (CVE-2025-54821)
vulnerability in fortinet (CVE-2025-54821). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-63892 |
|
Cross-Site Scripting (XSS) in remyandrade (CVE-2025-63892)
cross-site scripting in remyandrade (CVE-2025-63892). Successful exploitation can lead to full system takeover.
|
| CVE-2025-58034 KEV |
|
[KEV] OS Command Injection in Fortinet fortiweb (CVE-2025-58034)
OS command injection in Fortinet fortiweb (CVE-2025-58034). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-63748 |
|
Unrestricted File Upload in testmanagement (CVE-2025-63748)
vulnerability in testmanagement (CVE-2025-63748). Successful exploitation can lead to full system takeover.
|
| CVE-2025-64046 |
|
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
|
| CVE-2025-64446 KEV |
|
[KEV] Vulnerability in Fortinet fortiweb (CVE-2025-64446)
vulnerability in Fortinet fortiweb (CVE-2025-64446). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-40164 |
|
Vulnerability in c (CVE-2025-40164)
vulnerability in c (CVE-2025-40164). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62215 KEV |
|
[KEV] Vulnerability in Microsoft windows (CVE-2025-62215)
vulnerability in Microsoft windows (CVE-2025-62215). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-9242 KEV |
|
[KEV] Out-of-Bounds Write in Watchguard firebox (CVE-2025-9242)
out-of-bounds write in Watchguard firebox (CVE-2025-9242). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-12480 KEV |
|
[KEV] Vulnerability in Gladinet triofox (CVE-2025-12480)
vulnerability in Gladinet triofox (CVE-2025-12480). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-62199 |
|
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
|
| CVE-2025-60724 |
|
Vulnerability in microsoft (CVE-2025-60724)
vulnerability in microsoft (CVE-2025-60724). Successful exploitation can lead to full system takeover.
|
| CVE-2025-30398 |
|
Vulnerability in microsoft (CVE-2025-30398)
vulnerability in microsoft (CVE-2025-30398). Confidential information can be exposed externally.
|
| CVE-2025-21042 KEV |
|
[KEV] Out-of-Bounds Write in Samsung mobile-devices (CVE-2025-21042)
out-of-bounds write in Samsung mobile-devices (CVE-2025-21042). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-43438 |
|
Use-After-Free in apple (CVE-2025-43438)
vulnerability in apple (CVE-2025-43438). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-43433 |
|
Out-of-Bounds Write in apple (CVE-2025-43433)
out-of-bounds write in apple (CVE-2025-43433). Successful exploitation can lead to full system takeover.
|
| CVE-2025-43441 |
|
Buffer Overflow in apple (CVE-2025-43441)
vulnerability in apple (CVE-2025-43441). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-43407 |
|
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS...
This issue was addressed with improved entitlements. This issue is fixed in visionOS 26.1, macOS...
|
| CVE-2025-11371 KEV |
|
[KEV] Vulnerability in Gladinet centrestack-and-triofox (CVE-2025-11371)
vulnerability in Gladinet centrestack-and-triofox (CVE-2025-11371). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-48703 KEV |
|
[KEV] OS Command Injection in Cwp control-web-panel (CVE-2025-48703)
OS command injection in Cwp control-web-panel (CVE-2025-48703). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61498 |
|
Vulnerability in dos (CVE-2025-61498)
vulnerability in dos (CVE-2025-61498). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-62230 |
|
Use-After-Free in xorg (CVE-2025-62230)
vulnerability in xorg (CVE-2025-62230). Confidential information can be exposed externally.
|
| CVE-2025-62231 |
|
Vulnerability in xorg (CVE-2025-62231)
vulnerability in xorg (CVE-2025-62231). Confidential information can be exposed externally.
|
| CVE-2025-41244 KEV |
|
[KEV] Vulnerability in Broadcom vmware-aria-operations-and-vmware-tools (CVE-2025-41244)
vulnerability in Broadcom vmware-aria-operations-and-vmware-tools (CVE-2025-41244). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-24893 KEV |
|
[KEV] Vulnerability in Xwiki platform (CVE-2025-24893)
vulnerability in Xwiki platform (CVE-2025-24893). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-56399 |
|
Code Injection in laravel (CVE-2025-56399)
code injection in laravel (CVE-2025-56399). Successful exploitation can lead to full system takeover.
|
| CVE-2025-6204 KEV |
|
[KEV] Code Injection in Dassault systèmes dassault-systemes (CVE-2025-6204)
code injection in Dassault systèmes dassault-systemes (CVE-2025-6204). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-6205 KEV |
|
[KEV] Vulnerability in Dassault systèmes dassault-systemes (CVE-2025-6205)
vulnerability in Dassault systèmes dassault-systemes (CVE-2025-6205). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2025-61795 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-61795). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.0.110, 10.1.47, 11.0.12` or later.
|
| CVE-2025-55752 |
|
Vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752)
vulnerability in org.apache.tomcat:tomcat (CVE-2025-55752). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.0.109, 10.1.45, 11.0.11` or later.
|